[x]
Posted via EE Mobile

Search, ask, and monitor your questions on the go with EE Mobile. Visit Experts Exchange from your mobile device and never be out of touch again.
Question
[x]
Attachment Details
[x]
The Solution Rating System

With so many solutions, how can you tell which solutions are most likely to help you and which ones are not? To provide you with a tool to use, we rate our solutions based on various elements that most accurately determine if a solution is a quality solution. To explain what factors affect the solution rating, here are the elements we take into consideration when formulating our solution rating.

  • The Grade of the Solution
  • The Zone Rank of the Expert Providing the Solution
  • The Number of Author and Expert Comments
  • The Number of Experts Contributing
  • The Feedback of the Community

Your Input Matters
Because of the way the system is set up, the most important variable in this equation is you. As a member of Experts Exchange, you are able to cast your vote on the quality of the solutions in regard to how complete, accurate, helpful and easy to understand each solution is. When you provide your feedback, each rating is adjusted accordingly. So, if you see a solution that has a poor rating that you think is a good solution, let us know by rating it. As you do, the rating will be adjusted and will become more accurate for other members of our site.

If you have any suggestions that you would like to make for our rating system, please ask a question in the Suggestions Zone of Community Support.

Thank you!
7.8

System32 pop-up and adware pop-ups not cleaned after Adaware or Spybot

Asked by dd262 in Windows Network Security

Tags: system32, up

I am helping someone with malware and adware issues on their Windows XP Professional PC which is mainly used by teenagers. They were having IE hijacking problems.

I have run a deep scan with Adaware and after several passes it identifed and cleaned up over 300 occurrences. I then ran SpyBot, which also identified a dozen or so and removed those. However, after running these, I am having an issue still with ad pop-ups and with the System32 folder constantly opening up. I have run cleanmgr, emptied temp files, deleted cookies. I have run hijackthis and here is its log:

Logfile of HijackThis v1.97.7
Scan saved at 4:16:13 PM, on 9/4/2004
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\BCMSMMSG.exe
C:\WINDOWS\System32\DSentry.exe
C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe
C:\Program Files\Common Files\Dell\EUSW\Support.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\Rxzsb.exe
C:\WINDOWS\System32\Fclgv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Dell\Support\Alert\bin\NotifyAlert.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\username\Desktop\HijackThis.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Messenger\msmsgs.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net/
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie/button/search.html
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
O1 - Hosts: 64.200.25.145 gator.com #cooklop
O1 - Hosts: 64.200.25.145 tripod.com #cooklop
O1 - Hosts: 64.200.25.145 www.tripod.com #cooklop
O1 - Hosts: 64.200.25.145 adultfriendfinder.com #cooklop
O1 - Hosts: 64.200.25.145 www.adultfriendfinder.com #cooklop
O1 - Hosts: 64.200.25.145 cj.com #cooklop
O1 - Hosts: 64.200.25.145 www.cj.com #cooklop
O1 - Hosts: 64.200.25.145 paypopup.com #cooklop
O1 - Hosts: 64.200.25.145 www.paypopup.com #cooklop
O1 - Hosts: 64.200.25.145 worldsex.com #cooklop
O1 - Hosts: 64.200.25.145 www.worldsex.com #cooklop
O1 - Hosts: 64.200.25.145 free6.com #cooklop
O1 - Hosts: 64.200.25.145 trafficmp.com #cooklop
O1 - Hosts: 64.200.25.145 www.trafficmp.com #cooklop
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {AFABA179-93BB-ED48-47B8-968D5AA34A20} - C:\WINDOWS\system32\sngsqloe.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BCMSMMSG] BCMSMMSG.exe
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [DVDSentry] C:\WINDOWS\System32\DSentry.exe
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Roxio\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [ConMgr.exe] "C:\Program Files\EarthLink 5.0\conmgr.exe"
O4 - HKLM\..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe
O4 - HKLM\..\Run: [sr1exe] "C:\Documents and Settings\All Users\Application Data\Dell\Alert\252\updtSup3.exe"
O4 - HKLM\..\Run: [2LRX2W83X2T3MQ] C:\WINDOWS\System32\Xowexd5.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [REGSHAVE] C:\Program Files\REGSHAVE\REGSHAVE.EXE /AUTORUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [VBouncer] C:\PROGRA~1\VBouncer\VirtualBouncer.exe
O4 - HKLM\..\Run: [] c:\WINDOWS\System32\
O4 - HKLM\..\Run: [// Browser Detec] c:\WINDOWS\System32\// Browser Detection
O4 - HKLM\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINDOWS\System32\NS4 = (document.layers) ? true : false;
O4 - HKLM\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINDOWS\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
O4 - HKLM\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINDOWS\System32\IE4plus = (document.all) ? true : false;
O4 - HKLM\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINDOWS\System32\ver4 = (NS4 || IE4plus) ? true : false;
O4 - HKLM\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINDOWS\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKLM\..\Run: [IE5plus = IE5 || ] c:\WINDOWS\System32\IE5plus = IE5 || IE6;
O4 - HKLM\..\Run: [IEMajor ] c:\WINDOWS\System32\IEMajor = 0;
O4 - HKLM\..\Run: [if (IE4p] c:\WINDOWS\System32\if (IE4plus)
O4 - HKLM\..\Run: [      IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINDOWS\System32\      IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKLM\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINDOWS\System32\// Body onload utility (supports multiple onload functions)
O4 - HKLM\..\Run: [var gSafeOnload = new Arra] c:\WINDOWS\System32\var gSafeOnload = new Array();
O4 - HKLM\..\Run: [function SafeAddOnloa] c:\WINDOWS\System32\function SafeAddOnload(f)
O4 - HKLM\..\Run: [      if (IEmac && IE4)  // IE 4.5 blows out on testing window.on] c:\WINDOWS\System32\      if (IEmac && IE4)  // IE 4.5 blows out on testing window.onload
O4 - HKLM\..\Run: [function SafeOnlo] c:\WINDOWS\System32\function SafeOnload()
O4 - HKLM\..\Run: [            gSafeOnload[i] c:\WINDOWS\System32\            gSafeOnload[i]();
O4 - HKLM\..\Run: [function isInt(nu] c:\WINDOWS\System32\function isInt(numIn)
O4 - HKLM\..\Run: [      var checknum = parseInt(num] c:\WINDOWS\System32\      var checknum = parseInt(numIn);
O4 - HKLM\..\Run: [      return !isNaN(checkn] c:\WINDOWS\System32\      return !isNaN(checknum);
O4 - HKLM\..\Run: [function PUW_In] c:\WINDOWS\System32\function PUW_Init()
O4 - HKLM\..\Run: [      if (gPopupWindow.CheckFrequenc] c:\WINDOWS\System32\      if (gPopupWindow.CheckFrequency())
O4 - HKLM\..\Run: [function PUW_Sh] c:\WINDOWS\System32\function PUW_Show()
O4 - HKLM\..\Run: [      var newWin = window.open(this.url,this.name,settin] c:\WINDOWS\System32\      var newWin = window.open(this.url,this.name,settings);
O4 - HKLM\..\Run: [      if (! this.on] c:\WINDOWS\System32\      if (! this.ontop)
O4 - HKLM\..\Run: [            window.focu] c:\WINDOWS\System32\            window.focus();
O4 - HKLM\..\Run: [function PUW_CheckFrequen] c:\WINDOWS\System32\function PUW_CheckFrequency()
O4 - HKLM\..\Run: [      var shouldShow = this.frequency !] c:\WINDOWS\System32\      var shouldShow = this.frequency != 0;
O4 - HKLM\..\Run: [            var allCookies = document.coo] c:\WINDOWS\System32\            var allCookies = document.cookie;
O4 - HKLM\..\Run: [                        end = allCookies.len] c:\WINDOWS\System32\                        end = allCookies.length;
O4 - HKLM\..\Run: [                  var freqStr = allCookies.substring(start+9,e] c:\WINDOWS\System32\                  var freqStr = allCookies.substring(start+9,end);
O4 - HKLM\..\Run: [                  if (isInt(freqS] c:\WINDOWS\System32\                  if (isInt(freqStr))
O4 - HKLM\..\Run: [                        this.frequency = parseInt(freqS] c:\WINDOWS\System32\                        this.frequency = parseInt(freqStr);
O4 - HKLM\..\Run: [                  this.frequenc] c:\WINDOWS\System32\                  this.frequency--;
O4 - HKLM\..\Run: [            ] c:\WINDOWS\System32\            else
O4 - HKLM\..\Run: [                  shouldShow = fa] c:\WINDOWS\System32\                  shouldShow = false;
O4 - HKLM\..\Run: [            var exp = new Dat] c:\WINDOWS\System32\            var exp = new Date();
O4 - HKLM\..\Run: [            exp.setTime(exp.getTime()+this.renew*60*60] c:\WINDOWS\System32\            exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKLM\..\Run: [      return shouldS] c:\WINDOWS\System32\      return shouldShow;
O4 - HKLM\..\Run: [function PopupWindow(url,width,hei] c:\WINDOWS\System32\function PopupWindow(url,width,height)
O4 - HKLM\..\Run: [      this.width = wi] c:\WINDOWS\System32\      this.width = width;
O4 - HKLM\..\Run: [      this.height = hei] c:\WINDOWS\System32\      this.height = height;
O4 - HKLM\..\Run: [      this.top = screen.availHeight/2 - height/2; // ce] c:\WINDOWS\System32\      this.top = screen.availHeight/2 - height/2; // center
O4 - HKLM\..\Run: [      this.left = screen.availWidth/2 - width/2; // ce] c:\WINDOWS\System32\      this.left = screen.availWidth/2 - width/2; // center
O4 - HKLM\..\Run: [      this.url = ] c:\WINDOWS\System32\      this.url = url;
O4 - HKLM\..\Run: [      this.showDelay = 2] c:\WINDOWS\System32\      this.showDelay = 2000;
O4 - HKLM\..\Run: [      this.frequency = 1; // how many times show per renewal time pe] c:\WINDOWS\System32\      this.frequency = 1; // how many times show per renewal time period
O4 - HKLM\..\Run: [      this.renew = 1; // renew showing every x h] c:\WINDOWS\System32\      this.renew = 1; // renew showing every x hours
O4 - HKLM\..\Run: [      this.scrollbars= fa] c:\WINDOWS\System32\      this.scrollbars= false;
O4 - HKLM\..\Run: [      this.toolbar= fa] c:\WINDOWS\System32\      this.toolbar= false;
O4 - HKLM\..\Run: [      this.statusbar= fa] c:\WINDOWS\System32\      this.statusbar= false;
O4 - HKLM\..\Run: [      this.resizable = fa] c:\WINDOWS\System32\      this.resizable = false;
O4 - HKLM\..\Run: [      this.locationbar = fa] c:\WINDOWS\System32\      this.locationbar = false;
O4 - HKLM\..\Run: [      this.menubar = fa] c:\WINDOWS\System32\      this.menubar = false;
O4 - HKLM\..\Run: [      this.ontop = fa] c:\WINDOWS\System32\      this.ontop = false;
O4 - HKLM\..\Run: [      this.Init = PUW_I] c:\WINDOWS\System32\      this.Init = PUW_Init;
O4 - HKLM\..\Run: [      this.Show = PUW_S] c:\WINDOWS\System32\      this.Show = PUW_Show;
O4 - HKLM\..\Run: [      this.CheckFrequency = PUW_CheckFreque] c:\WINDOWS\System32\      this.CheckFrequency = PUW_CheckFrequency;
O4 - HKLM\..\Run: [function PUWSta] c:\WINDOWS\System32\function PUWStart()
O4 - HKLM\..\Run: [      gPopupWindow.Ini] c:\WINDOWS\System32\      gPopupWindow.Init();
O4 - HKLM\..\Run: [SafeAddOnload(PUWSta] c:\WINDOWS\System32\SafeAddOnload(PUWStart);
O4 - HKLM\..\Run: [gPopupWindow.toolbar = fa] c:\WINDOWS\System32\gPopupWindow.toolbar = false;
O4 - HKLM\..\Run: [gPopupWindow.statusbar = fa] c:\WINDOWS\System32\gPopupWindow.statusbar = false;
O4 - HKLM\..\Run: [gPopupWindow.resizable = fa] c:\WINDOWS\System32\gPopupWindow.resizable = false;
O4 - HKLM\..\Run: [gPopupWindow.ontop = fa] c:\WINDOWS\System32\gPopupWindow.ontop = false;
O4 - HKLM\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINDOWS\System32\A:hover {background: #FFCC00; color: black;}
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [] c:\WINDOWS\System32\
O4 - HKCU\..\Run: [// Browser Detec] c:\WINDOWS\System32\// Browser Detection
O4 - HKCU\..\Run: [NS4 = (document.layers) ? true : fa] c:\WINDOWS\System32\NS4 = (document.layers) ? true : false;
O4 - HKCU\..\Run: [IEmac = ((document.all)&&(isMac)) ? true : fa] c:\WINDOWS\System32\IEmac = ((document.all)&&(isMac)) ? true : false;
O4 - HKCU\..\Run: [IE4plus = (document.all) ? true : fa] c:\WINDOWS\System32\IE4plus = (document.all) ? true : false;
O4 - HKCU\..\Run: [ver4 = (NS4 || IE4plus) ? true : fa] c:\WINDOWS\System32\ver4 = (NS4 || IE4plus) ? true : false;
O4 - HKCU\..\Run: [NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:fa] c:\WINDOWS\System32\NS6 = (!document.layers) && (navigator.userAgent.indexOf('Netscape')!=-1)?true:false;
O4 - HKCU\..\Run: [IE5plus = IE5 || ] c:\WINDOWS\System32\IE5plus = IE5 || IE6;
O4 - HKCU\..\Run: [IEMajor ] c:\WINDOWS\System32\IEMajor = 0;
O4 - HKCU\..\Run: [if (IE4p] c:\WINDOWS\System32\if (IE4plus)
O4 - HKCU\..\Run: [      IEMajor = parseInt(navigator.appVersion.substring(start+5,en] c:\WINDOWS\System32\      IEMajor = parseInt(navigator.appVersion.substring(start+5,end));
O4 - HKCU\..\Run: [// Body onload utility (supports multiple onload functi] c:\WINDOWS\System32\// Body onload utility (supports multiple onload functions)
O4 - HKCU\..\Run: [var gSafeOnload = new Arra] c:\WINDOWS\System32\var gSafeOnload = new Array();
O4 - HKCU\..\Run: [function SafeAddOnloa] c:\WINDOWS\System32\function SafeAddOnload(f)
O4 - HKCU\..\Run: [      if (IEmac && IE4)  // IE 4.5 blows out on testing window.on] c:\WINDOWS\System32\      if (IEmac && IE4)  // IE 4.5 blows out on testing window.onload
O4 - HKCU\..\Run: [function SafeOnlo] c:\WINDOWS\System32\function SafeOnload()
O4 - HKCU\..\Run: [            gSafeOnload[i] c:\WINDOWS\System32\            gSafeOnload[i]();
O4 - HKCU\..\Run: [function isInt(nu] c:\WINDOWS\System32\function isInt(numIn)
O4 - HKCU\..\Run: [      var checknum = parseInt(num] c:\WINDOWS\System32\      var checknum = parseInt(numIn);
O4 - HKCU\..\Run: [      return !isNaN(checkn] c:\WINDOWS\System32\      return !isNaN(checknum);
O4 - HKCU\..\Run: [function PUW_In] c:\WINDOWS\System32\function PUW_Init()
O4 - HKCU\..\Run: [      if (gPopupWindow.CheckFrequenc] c:\WINDOWS\System32\      if (gPopupWindow.CheckFrequency())
O4 - HKCU\..\Run: [function PUW_Sh] c:\WINDOWS\System32\function PUW_Show()
O4 - HKCU\..\Run: [      var newWin = window.open(this.url,this.name,settin] c:\WINDOWS\System32\      var newWin = window.open(this.url,this.name,settings);
O4 - HKCU\..\Run: [      if (! this.on] c:\WINDOWS\System32\      if (! this.ontop)
O4 - HKCU\..\Run: [            window.focu] c:\WINDOWS\System32\            window.focus();
O4 - HKCU\..\Run: [function PUW_CheckFrequen] c:\WINDOWS\System32\function PUW_CheckFrequency()
O4 - HKCU\..\Run: [      var shouldShow = this.frequency !] c:\WINDOWS\System32\      var shouldShow = this.frequency != 0;
O4 - HKCU\..\Run: [            var allCookies = document.coo] c:\WINDOWS\System32\            var allCookies = document.cookie;
O4 - HKCU\..\Run: [                        end = allCookies.len] c:\WINDOWS\System32\                        end = allCookies.length;
O4 - HKCU\..\Run: [                  var freqStr = allCookies.substring(start+9,e] c:\WINDOWS\System32\                  var freqStr = allCookies.substring(start+9,end);
O4 - HKCU\..\Run: [                  if (isInt(freqS] c:\WINDOWS\System32\                  if (isInt(freqStr))
O4 - HKCU\..\Run: [                        this.frequency = parseInt(freqS] c:\WINDOWS\System32\                        this.frequency = parseInt(freqStr);
O4 - HKCU\..\Run: [                  this.frequenc] c:\WINDOWS\System32\                  this.frequency--;
O4 - HKCU\..\Run: [            ] c:\WINDOWS\System32\            else
O4 - HKCU\..\Run: [                  shouldShow = fa] c:\WINDOWS\System32\                  shouldShow = false;
O4 - HKCU\..\Run: [            var exp = new Dat] c:\WINDOWS\System32\            var exp = new Date();
O4 - HKCU\..\Run: [            exp.setTime(exp.getTime()+this.renew*60*60] c:\WINDOWS\System32\            exp.setTime(exp.getTime()+this.renew*60*6000);
O4 - HKCU\..\Run: [      return shouldS] c:\WINDOWS\System32\      return shouldShow;
O4 - HKCU\..\Run: [function PopupWindow(url,width,hei] c:\WINDOWS\System32\function PopupWindow(url,width,height)
O4 - HKCU\..\Run: [      this.width = wi] c:\WINDOWS\System32\      this.width = width;
O4 - HKCU\..\Run: [      this.height = hei] c:\WINDOWS\System32\      this.height = height;
O4 - HKCU\..\Run: [      this.top = screen.availHeight/2 - height/2; // ce] c:\WINDOWS\System32\      this.top = screen.availHeight/2 - height/2; // center
O4 - HKCU\..\Run: [      this.left = screen.availWidth/2 - width/2; // ce] c:\WINDOWS\System32\      this.left = screen.availWidth/2 - width/2; // center
O4 - HKCU\..\Run: [      this.url = ] c:\WINDOWS\System32\      this.url = url;
O4 - HKCU\..\Run: [      this.showDelay = 2] c:\WINDOWS\System32\      this.showDelay = 2000;
O4 - HKCU\..\Run: [      this.frequency = 1; // how many times show per renewal time pe] c:\WINDOWS\System32\      this.frequency = 1; // how many times show per renewal time period
O4 - HKCU\..\Run: [      this.renew = 1; // renew showing every x h] c:\WINDOWS\System32\      this.renew = 1; // renew showing every x hours
O4 - HKCU\..\Run: [      this.scrollbars= fa] c:\WINDOWS\System32\      this.scrollbars= false;
O4 - HKCU\..\Run: [      this.toolbar= fa] c:\WINDOWS\System32\      this.toolbar= false;
O4 - HKCU\..\Run: [      this.statusbar= fa] c:\WINDOWS\System32\      this.statusbar= false;
O4 - HKCU\..\Run: [      this.resizable = fa] c:\WINDOWS\System32\      this.resizable = false;
O4 - HKCU\..\Run: [      this.locationbar = fa] c:\WINDOWS\System32\      this.locationbar = false;
O4 - HKCU\..\Run: [      this.menubar = fa] c:\WINDOWS\System32\      this.menubar = false;
O4 - HKCU\..\Run: [      this.ontop = fa] c:\WINDOWS\System32\      this.ontop = false;
O4 - HKCU\..\Run: [      this.Init = PUW_I] c:\WINDOWS\System32\      this.Init = PUW_Init;
O4 - HKCU\..\Run: [      this.Show = PUW_S] c:\WINDOWS\System32\      this.Show = PUW_Show;
O4 - HKCU\..\Run: [      this.CheckFrequency = PUW_CheckFreque] c:\WINDOWS\System32\      this.CheckFrequency = PUW_CheckFrequency;
O4 - HKCU\..\Run: [function PUWSta] c:\WINDOWS\System32\function PUWStart()
O4 - HKCU\..\Run: [      gPopupWindow.Ini] c:\WINDOWS\System32\      gPopupWindow.Init();
O4 - HKCU\..\Run: [SafeAddOnload(PUWSta] c:\WINDOWS\System32\SafeAddOnload(PUWStart);
O4 - HKCU\..\Run: [gPopupWindow.toolbar = fa] c:\WINDOWS\System32\gPopupWindow.toolbar = false;
O4 - HKCU\..\Run: [gPopupWindow.statusbar = fa] c:\WINDOWS\System32\gPopupWindow.statusbar = false;
O4 - HKCU\..\Run: [gPopupWindow.resizable = fa] c:\WINDOWS\System32\gPopupWindow.resizable = false;
O4 - HKCU\..\Run: [gPopupWindow.ontop = fa] c:\WINDOWS\System32\gPopupWindow.ontop = false;
O4 - HKCU\..\Run: [A:hover {background: #FFCC00; color: bla] c:\WINDOWS\System32\A:hover {background: #FFCC00; color: black;}
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsearch.html
O8 - Extra context menu item: Backward &Links - res://C:\Program Files\Google\GoogleToolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cac&hed Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar2.dll/cmcache.html
O8 - Extra context menu item: Coupons - file://C:\Program Files\couponsandoffers\System\Temp\couponsandoffers_script0.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Si&milar Pages - res://C:\Program Files\Google\GoogleToolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar2.dll/cmtrans.html
O9 - Extra button: AIM (HKLM)
O9 - Extra button: Real.com (HKLM)
O9 - Extra button: MoneySide (HKLM)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} (CInstall Class) - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab


Any help will be appreciated.

Thanks!
 
Related Solutions
Keywords: System32 pop-up and adware pop…
Title
1 HIJACKTHIS
2 AntiSpyware Master Infection - have …
3 HijackThis and Spybot log analysis
4 Hijackthis
5 hijackthis
6 Help with interpreting HiJackThis log
 
Loading Advertisement...
 
[+][-]09/04/04 02:41 PM, ID: 11981894Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]09/04/04 02:47 PM, ID: 11981921Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]09/04/04 04:10 PM, ID: 11982278Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]09/04/04 04:13 PM, ID: 11982286Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]09/04/04 04:18 PM, ID: 11982298Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]09/04/04 04:20 PM, ID: 11982303Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]09/05/04 12:48 PM, ID: 11985422Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]09/05/04 01:08 PM, ID: 11985505Accepted Solution

View this solution now by starting your 30-day free trial. Setting up your free trial is quick, easy, and secure. We will return you to this solution, unlocked, when you're done.

About this solution

Zone: Windows Network Security
Tags: system32, up
Sign Up Now!
Solution Provided By: SheharyaarSaahil
Participating Experts: 1
Solution Grade: A
 
[+][-]09/05/04 01:11 PM, ID: 11985523Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]09/05/04 01:13 PM, ID: 11985537Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]09/05/04 01:13 PM, ID: 11985538Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]09/05/04 01:14 PM, ID: 11985540Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]09/05/04 01:15 PM, ID: 11985548Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]09/05/04 01:18 PM, ID: 11985558Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
[+][-]09/05/04 02:28 PM, ID: 11985875Author Comment

Often, when Experts are collaborating with members who have asked questions, they will request additional information about the problem. Askers respond with an author comment like this one.

Start your 30-day free trial to view this Author Comment or ask the Experts your question.

 
[+][-]09/05/04 02:34 PM, ID: 11985911Expert Comment

At Experts Exchange, members can ask their questions to thousands of technology professionals, also known as Experts. Experts compete and collaborate to answer those questions by leaving comments like this one.

Start your 30-day free trial to view this Expert Comment or ask the Experts your question.

 
 
Loading Advertisement...
20091021-EE-VQP-81